cvss-suite 3.0.1 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/rspec.yml +4 -4
  3. data/.github/workflows/rubocop.yml +3 -4
  4. data/.rspec +1 -0
  5. data/.rubocop.yml +20 -0
  6. data/.rubocop_todo.yml +2 -2
  7. data/CHANGES.md +34 -0
  8. data/CODE_OF_CONDUCT.md +0 -5
  9. data/Gemfile +0 -6
  10. data/LICENSE.md +12 -2
  11. data/README.md +20 -11
  12. data/cvss_suite.gemspec +12 -14
  13. data/lib/cvss_suite/cvss.rb +7 -55
  14. data/lib/cvss_suite/cvss2/cvss2.rb +2 -8
  15. data/lib/cvss_suite/cvss2/cvss2_base.rb +0 -6
  16. data/lib/cvss_suite/cvss2/cvss2_environmental.rb +0 -6
  17. data/lib/cvss_suite/cvss2/cvss2_temporal.rb +0 -6
  18. data/lib/cvss_suite/cvss3/cvss3.rb +8 -8
  19. data/lib/cvss_suite/cvss3/cvss3_base.rb +8 -14
  20. data/lib/cvss_suite/cvss3/cvss3_environmental.rb +11 -17
  21. data/lib/cvss_suite/cvss3/cvss3_temporal.rb +3 -9
  22. data/lib/cvss_suite/cvss31/cvss31.rb +8 -8
  23. data/lib/cvss_suite/cvss31/cvss31_base.rb +8 -14
  24. data/lib/cvss_suite/cvss31/cvss31_environmental.rb +11 -17
  25. data/lib/cvss_suite/cvss31/cvss31_temporal.rb +3 -9
  26. data/lib/cvss_suite/cvss40/cvss40.rb +43 -0
  27. data/lib/cvss_suite/cvss40/cvss40_all_up.rb +40 -0
  28. data/lib/cvss_suite/cvss40/cvss40_base.rb +86 -0
  29. data/lib/cvss_suite/cvss40/cvss40_calc_helper.rb +397 -0
  30. data/lib/cvss_suite/cvss40/cvss40_constants_levels.rb +26 -0
  31. data/lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb +278 -0
  32. data/lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb +41 -0
  33. data/lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb +31 -0
  34. data/lib/cvss_suite/cvss40/cvss40_environmental.rb +105 -0
  35. data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb +47 -0
  36. data/lib/cvss_suite/cvss40/cvss40_supplemental.rb +66 -0
  37. data/lib/cvss_suite/cvss40/cvss40_threat.rb +34 -0
  38. data/lib/cvss_suite/cvss_31_and_before.rb +61 -0
  39. data/lib/cvss_suite/cvss_40_and_later.rb +51 -0
  40. data/lib/cvss_suite/cvss_metric.rb +7 -7
  41. data/lib/cvss_suite/cvss_property.rb +23 -8
  42. data/lib/cvss_suite/errors.rb +0 -6
  43. data/lib/cvss_suite/helpers/cvss31_helper.rb +0 -6
  44. data/lib/cvss_suite/helpers/cvss3_helper.rb +0 -6
  45. data/lib/cvss_suite/invalid_cvss.rb +0 -6
  46. data/lib/cvss_suite/version.rb +1 -7
  47. data/lib/cvss_suite.rb +48 -11
  48. metadata +40 -11
data/lib/cvss_suite/cvss3/cvss3_environmental.rb CHANGED
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2016-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -55,66 +49,66 @@ module CvssSuite
55
49
 
56
50
  def init_properties
57
51
  @properties.push(@confidentiality_requirement =
58
- CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
52
+ CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR',
59
53
  values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
60
54
  { name: 'Medium', abbreviation: 'M', weight: 1.0 },
61
55
  { name: 'High', abbreviation: 'H', weight: 1.5 },
62
56
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
63
57
  @properties.push(@integrity_requirement =
64
- CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
58
+ CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR',
65
59
  values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
66
60
  { name: 'Medium', abbreviation: 'M', weight: 1.0 },
67
61
  { name: 'High', abbreviation: 'H', weight: 1.5 },
68
62
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
69
63
 
70
64
  @properties.push(@availability_requirement =
71
- CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
65
+ CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR',
72
66
  values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
73
67
  { name: 'Medium', abbreviation: 'M', weight: 1.0 },
74
68
  { name: 'High', abbreviation: 'H', weight: 1.5 },
75
69
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
76
70
  @properties.push(@modified_attack_vector =
77
- CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV', position: [11, 14],
71
+ CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
78
72
  values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
79
73
  { name: 'Adjacent Network', abbreviation: 'A', weight: 0.62 },
80
74
  { name: 'Local', abbreviation: 'L', weight: 0.55 },
81
75
  { name: 'Physical', abbreviation: 'P', weight: 0.2 },
82
76
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
83
77
  @properties.push(@modified_attack_complexity =
84
- CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC', position: [12, 15],
78
+ CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
85
79
  values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
86
80
  { name: 'High', abbreviation: 'H', weight: 0.44 },
87
81
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
88
82
  @properties.push(@modified_privileges_required =
89
- CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR', position: [13, 16],
83
+ CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
90
84
  values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
91
85
  { name: 'Low', abbreviation: 'L', weight: 0.62 },
92
86
  { name: 'High', abbreviation: 'H', weight: 0.27 },
93
87
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
94
88
  @properties.push(@modified_user_interaction =
95
- CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI', position: [14, 17],
89
+ CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
96
90
  values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
97
91
  { name: 'Required', abbreviation: 'R', weight: 0.62 },
98
92
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
99
93
  @properties.push(@modified_scope =
100
- CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS', position: [15, 18],
94
+ CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS',
101
95
  values: [{ name: 'Changed', abbreviation: 'C' },
102
96
  { name: 'Unchanged', abbreviation: 'U' },
103
97
  { name: 'Not Defined', abbreviation: 'X' }]))
104
98
  @properties.push(@modified_confidentiality =
105
- CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC', position: [16, 19],
99
+ CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC',
106
100
  values: [{ name: 'None', abbreviation: 'N', weight: 0 },
107
101
  { name: 'Low', abbreviation: 'L', weight: 0.22 },
108
102
  { name: 'High', abbreviation: 'H', weight: 0.56 },
109
103
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
110
104
  @properties.push(@modified_integrity =
111
- CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI', position: [17, 20],
105
+ CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI',
112
106
  values: [{ name: 'None', abbreviation: 'N', weight: 0 },
113
107
  { name: 'Low', abbreviation: 'L', weight: 0.22 },
114
108
  { name: 'High', abbreviation: 'H', weight: 0.56 },
115
109
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
116
110
  @properties.push(@modified_availability =
117
- CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA', position: [18, 21],
111
+ CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA',
118
112
  values: [{ name: 'None', abbreviation: 'N', weight: 0 },
119
113
  { name: 'Low', abbreviation: 'L', weight: 0.22 },
120
114
  { name: 'High', abbreviation: 'H', weight: 0.56 },
data/lib/cvss_suite/cvss3/cvss3_temporal.rb CHANGED
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2016-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -32,14 +26,14 @@ module CvssSuite
32
26
 
33
27
  def init_properties
34
28
  @properties.push(@exploit_code_maturity =
35
- CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E', position: [8],
29
+ CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E',
36
30
  values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
37
31
  { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
38
32
  { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
39
33
  { name: 'Functional', abbreviation: 'F', weight: 0.97 },
40
34
  { name: 'High', abbreviation: 'H', weight: 1.0 }]))
41
35
  @properties.push(@remediation_level =
42
- CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [9],
36
+ CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL',
43
37
  values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
44
38
  { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
45
39
  { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
@@ -47,7 +41,7 @@ module CvssSuite
47
41
  { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
48
42
 
49
43
  @properties.push(@report_confidence =
50
- CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [10],
44
+ CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC',
51
45
  values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
52
46
  { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
53
47
  { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
data/lib/cvss_suite/cvss31/cvss31.rb CHANGED
@@ -1,15 +1,9 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2019-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
12
- require_relative '../cvss'
6
+ require_relative '../cvss_31_and_before'
13
7
  require_relative 'cvss31_base'
14
8
  require_relative 'cvss31_temporal'
15
9
  require_relative 'cvss31_environmental'
@@ -18,7 +12,7 @@ require_relative '../helpers/cvss31_helper'
18
12
  module CvssSuite
19
13
  ##
20
14
  # This class represents a CVSS vector in version 3.1.
21
- class Cvss31 < Cvss
15
+ class Cvss31 < Cvss31AndBefore
22
16
  ##
23
17
  # Returns the Version of the CVSS vector.
24
18
 
@@ -50,6 +44,12 @@ module CvssSuite
50
44
  Cvss31Helper.round_up(@environmental.score(@base, @temporal))
51
45
  end
52
46
 
47
+ ##
48
+ # Returns the vector itself.
49
+ def vector
50
+ "#{CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |beginning| beginning[:version] == version }[:string]}#{@vector}"
51
+ end
52
+
53
53
  private
54
54
 
55
55
  def init_metrics
data/lib/cvss_suite/cvss31/cvss31_base.rb CHANGED
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2019-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -52,40 +46,40 @@ module CvssSuite
52
46
 
53
47
  def init_properties
54
48
  @properties.push(@attack_vector =
55
- CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV', position: [0],
49
+ CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV',
56
50
  values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
57
51
  { name: 'Adjacent', abbreviation: 'A', weight: 0.62 },
58
52
  { name: 'Local', abbreviation: 'L', weight: 0.55 },
59
53
  { name: 'Physical', abbreviation: 'P', weight: 0.2 }]))
60
54
  @properties.push(@attack_complexity =
61
- CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC', position: [1],
55
+ CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC',
62
56
  values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
63
57
  { name: 'High', abbreviation: 'H', weight: 0.44 }]))
64
58
  @properties.push(@privileges_required =
65
- CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR', position: [2],
59
+ CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR',
66
60
  values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
67
61
  { name: 'Low', abbreviation: 'L', weight: 0.62 },
68
62
  { name: 'High', abbreviation: 'H', weight: 0.27 }]))
69
63
  @properties.push(@user_interaction =
70
- CvssProperty.new(name: 'User Interaction', abbreviation: 'UI', position: [3],
64
+ CvssProperty.new(name: 'User Interaction', abbreviation: 'UI',
71
65
  values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
72
66
  { name: 'Required', abbreviation: 'R', weight: 0.62 }]))
73
67
  @properties.push(@scope =
74
- CvssProperty.new(name: 'Scope', abbreviation: 'S', position: [4],
68
+ CvssProperty.new(name: 'Scope', abbreviation: 'S',
75
69
  values: [{ name: 'Unchanged', abbreviation: 'U' },
76
70
  { name: 'Changed', abbreviation: 'C' }]))
77
71
  @properties.push(@confidentiality =
78
- CvssProperty.new(name: 'Confidentiality', abbreviation: 'C', position: [5],
72
+ CvssProperty.new(name: 'Confidentiality', abbreviation: 'C',
79
73
  values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
80
74
  { name: 'Low', abbreviation: 'L', weight: 0.22 },
81
75
  { name: 'High', abbreviation: 'H', weight: 0.56 }]))
82
76
  @properties.push(@integrity =
83
- CvssProperty.new(name: 'Integrity', abbreviation: 'I', position: [6],
77
+ CvssProperty.new(name: 'Integrity', abbreviation: 'I',
84
78
  values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
85
79
  { name: 'Low', abbreviation: 'L', weight: 0.22 },
86
80
  { name: 'High', abbreviation: 'H', weight: 0.56 }]))
87
81
  @properties.push(@availability =
88
- CvssProperty.new(name: 'Availability', abbreviation: 'A', position: [7],
82
+ CvssProperty.new(name: 'Availability', abbreviation: 'A',
89
83
  values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
90
84
  { name: 'Low', abbreviation: 'L', weight: 0.22 },
91
85
  { name: 'High', abbreviation: 'H', weight: 0.56 }]))
data/lib/cvss_suite/cvss31/cvss31_environmental.rb CHANGED
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2019-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -55,66 +49,66 @@ module CvssSuite
55
49
 
56
50
  def init_properties
57
51
  @properties.push(@confidentiality_requirement =
58
- CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR', position: [8, 11],
52
+ CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR',
59
53
  values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
60
54
  { name: 'Medium', abbreviation: 'M', weight: 1.0 },
61
55
  { name: 'High', abbreviation: 'H', weight: 1.5 },
62
56
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
63
57
  @properties.push(@integrity_requirement =
64
- CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR', position: [9, 12],
58
+ CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR',
65
59
  values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
66
60
  { name: 'Medium', abbreviation: 'M', weight: 1.0 },
67
61
  { name: 'High', abbreviation: 'H', weight: 1.5 },
68
62
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
69
63
 
70
64
  @properties.push(@availability_requirement =
71
- CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR', position: [10, 13],
65
+ CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR',
72
66
  values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
73
67
  { name: 'Medium', abbreviation: 'M', weight: 1.0 },
74
68
  { name: 'High', abbreviation: 'H', weight: 1.5 },
75
69
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
76
70
  @properties.push(@modified_attack_vector =
77
- CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV', position: [11, 14],
71
+ CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
78
72
  values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
79
73
  { name: 'Adjacent Network', abbreviation: 'A', weight: 0.62 },
80
74
  { name: 'Local', abbreviation: 'L', weight: 0.55 },
81
75
  { name: 'Physical', abbreviation: 'P', weight: 0.2 },
82
76
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
83
77
  @properties.push(@modified_attack_complexity =
84
- CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC', position: [12, 15],
78
+ CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
85
79
  values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
86
80
  { name: 'High', abbreviation: 'H', weight: 0.44 },
87
81
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
88
82
  @properties.push(@modified_privileges_required =
89
- CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR', position: [13, 16],
83
+ CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
90
84
  values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
91
85
  { name: 'Low', abbreviation: 'L', weight: 0.62 },
92
86
  { name: 'High', abbreviation: 'H', weight: 0.27 },
93
87
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
94
88
  @properties.push(@modified_user_interaction =
95
- CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI', position: [14, 17],
89
+ CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
96
90
  values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
97
91
  { name: 'Required', abbreviation: 'R', weight: 0.62 },
98
92
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
99
93
  @properties.push(@modified_scope =
100
- CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS', position: [15, 18],
94
+ CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS',
101
95
  values: [{ name: 'Changed', abbreviation: 'C' },
102
96
  { name: 'Unchanged', abbreviation: 'U' },
103
97
  { name: 'Not Defined', abbreviation: 'X' }]))
104
98
  @properties.push(@modified_confidentiality =
105
- CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC', position: [16, 19],
99
+ CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC',
106
100
  values: [{ name: 'None', abbreviation: 'N', weight: 0 },
107
101
  { name: 'Low', abbreviation: 'L', weight: 0.22 },
108
102
  { name: 'High', abbreviation: 'H', weight: 0.56 },
109
103
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
110
104
  @properties.push(@modified_integrity =
111
- CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI', position: [17, 20],
105
+ CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI',
112
106
  values: [{ name: 'None', abbreviation: 'N', weight: 0 },
113
107
  { name: 'Low', abbreviation: 'L', weight: 0.22 },
114
108
  { name: 'High', abbreviation: 'H', weight: 0.56 },
115
109
  { name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
116
110
  @properties.push(@modified_availability =
117
- CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA', position: [18, 21],
111
+ CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA',
118
112
  values: [{ name: 'None', abbreviation: 'N', weight: 0 },
119
113
  { name: 'Low', abbreviation: 'L', weight: 0.22 },
120
114
  { name: 'High', abbreviation: 'H', weight: 0.56 },
data/lib/cvss_suite/cvss31/cvss31_temporal.rb CHANGED
@@ -1,11 +1,5 @@
1
1
  # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
2
  #
3
- # Copyright (c) 2019-2022 Siemens AG
4
- # Copyright (c) 2022 0llirocks
5
- #
6
- # Authors:
7
- # 0llirocks <http://0lli.rocks>
8
- #
9
3
  # This work is licensed under the terms of the MIT license.
10
4
  # See the LICENSE.md file in the top-level directory.
11
5
 
@@ -32,14 +26,14 @@ module CvssSuite
32
26
 
33
27
  def init_properties
34
28
  @properties.push(@exploit_code_maturity =
35
- CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E', position: [8],
29
+ CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E',
36
30
  values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
37
31
  { name: 'Unproven', abbreviation: 'U', weight: 0.91 },
38
32
  { name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
39
33
  { name: 'Functional', abbreviation: 'F', weight: 0.97 },
40
34
  { name: 'High', abbreviation: 'H', weight: 1.0 }]))
41
35
  @properties.push(@remediation_level =
42
- CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL', position: [9],
36
+ CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL',
43
37
  values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
44
38
  { name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
45
39
  { name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
@@ -47,7 +41,7 @@ module CvssSuite
47
41
  { name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
48
42
 
49
43
  @properties.push(@report_confidence =
50
- CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC', position: [10],
44
+ CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC',
51
45
  values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
52
46
  { name: 'Unknown', abbreviation: 'U', weight: 0.92 },
53
47
  { name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
data/lib/cvss_suite/cvss40/cvss40.rb ADDED
@@ -0,0 +1,43 @@
1
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
+ #
3
+ # This work is licensed under the terms of the MIT license.
4
+ # See the LICENSE.md file in the top-level directory.
5
+
6
+ require_relative '../cvss_40_and_later'
7
+ require_relative 'cvss40_base'
8
+ require_relative 'cvss40_supplemental'
9
+ require_relative 'cvss40_threat'
10
+ require_relative 'cvss40_environmental'
11
+ require_relative 'cvss40_environmental_security'
12
+ require_relative 'cvss40_all_up'
13
+
14
+ module CvssSuite
15
+ ##
16
+ # This class represents a CVSS vector in version 4.0.
17
+ class Cvss40 < Cvss40AndLater
18
+ ##
19
+ # Returns the Version of the CVSS vector.
20
+
21
+ def version
22
+ 4.0
23
+ end
24
+
25
+ ##
26
+ # Returns the vector itself.
27
+ def vector
28
+ "#{CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |beginning| beginning[:version] == version }[:string]}#{@vector}"
29
+ end
30
+
31
+ private
32
+
33
+ def init_metrics
34
+ @base = Cvss40Base.new(@properties)
35
+ @threat = Cvss40Threat.new(@properties)
36
+ @environmental = Cvss40Environmental.new(@properties)
37
+ @environmental_security = Cvss40EnvironmentalSecurity.new(@properties)
38
+ @supplemental = Cvss40Supplemental.new(@properties)
39
+
40
+ @all_up = Cvss40AllUp.new(@properties, @base, @threat, @environmental, @environmental_security, @supplemental)
41
+ end
42
+ end
43
+ end
data/lib/cvss_suite/cvss40/cvss40_all_up.rb ADDED
@@ -0,0 +1,40 @@
1
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
+ #
3
+ # This work is licensed under the terms of the MIT license.
4
+ # See the LICENSE.md file in the top-level directory.
5
+
6
+ require_relative '../cvss_property'
7
+ require_relative '../cvss_metric'
8
+ require_relative 'cvss40_base'
9
+ require_relative 'cvss40_threat'
10
+
11
+ module CvssSuite
12
+ ##
13
+ # This class represents a CVSS Threat metric in version 3.1.
14
+ class Cvss40AllUp < CvssMetric
15
+ ##
16
+ # Returns score of this metric
17
+ def score
18
+ Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
19
+ end
20
+
21
+ def initialize(properties, base, threat, environmental, environmental_security, supplemental)
22
+ @properties_to_later_initialize_from = properties
23
+ @base = base
24
+ @threat = threat
25
+ @environmental = environmental
26
+ @environmental_security = environmental_security
27
+ @supplemental = supplemental
28
+ super(properties)
29
+ end
30
+
31
+ private
32
+
33
+ def init_properties
34
+ # All up takes it's properties from all other scores
35
+ properties_to_add = @base.properties + @threat.properties + @environmental.properties +
36
+ @environmental_security.properties + @supplemental.properties
37
+ properties_to_add.each { |p| @properties.push p }
38
+ end
39
+ end
40
+ end
data/lib/cvss_suite/cvss40/cvss40_base.rb ADDED
@@ -0,0 +1,86 @@
1
+ # CVSS-Suite, a Ruby gem to manage the CVSS vector
2
+ #
3
+ # This work is licensed under the terms of the MIT license.
4
+ # See the LICENSE.md file in the top-level directory.
5
+
6
+ require_relative '../cvss_property'
7
+ require_relative '../cvss_metric'
8
+ require_relative 'cvss40_calc_helper'
9
+
10
+ module CvssSuite
11
+ ##
12
+ # This class represents a CVSS Base metric in version 4.0.
13
+ class Cvss40Base < CvssMetric
14
+ ##
15
+ # Property of this metric
16
+
17
+ attr_reader :attack_vector, :attack_complexity, :attack_requirements, :privileges_required, :user_interaction,
18
+ :vulnerable_system_confidentiality, :vulnerable_system_integrity, :vulnerable_system_availability,
19
+ :subsequent_system_confidentiality, :subsequent_system_integrity, :subsequent_system_availability
20
+
21
+ ##
22
+ # Returns score of this metric
23
+ def score
24
+ Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
25
+ end
26
+
27
+ private
28
+
29
+ def init_properties
30
+ @properties.push(@attack_vector =
31
+ CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV',
32
+ values: [{ name: 'Network', abbreviation: 'N' },
33
+ { name: 'Adjacent', abbreviation: 'A' },
34
+ { name: 'Local', abbreviation: 'L' },
35
+ { name: 'Physical', abbreviation: 'P' }]))
36
+ @properties.push(@attack_complexity =
37
+ CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC',
38
+ values: [{ name: 'Low', abbreviation: 'L' },
39
+ { name: 'High', abbreviation: 'H' }]))
40
+ @properties.push(@attack_requirements =
41
+ CvssProperty.new(name: 'Attack Requirements', abbreviation: 'AT',
42
+ values: [{ name: 'None', abbreviation: 'N' },
43
+ { name: 'Present', abbreviation: 'P' }]))
44
+ @properties.push(@privileges_required =
45
+ CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR',
46
+ values: [{ name: 'None', abbreviation: 'N' },
47
+ { name: 'Low', abbreviation: 'L' },
48
+ { name: 'High', abbreviation: 'H' }]))
49
+ @properties.push(@user_interaction =
50
+ CvssProperty.new(name: 'User Interaction', abbreviation: 'UI',
51
+ values: [{ name: 'None', abbreviation: 'N' },
52
+ { name: 'Passive', abbreviation: 'P' },
53
+ { name: 'Active', abbreviation: 'A' }]))
54
+ @properties.push(@vulnerable_system_confidentiality =
55
+ CvssProperty.new(name: 'Vulnerable System Confidentiality Impact', abbreviation: 'VC',
56
+ values: [{ name: 'None', abbreviation: 'N' },
57
+ { name: 'Low', abbreviation: 'L' },
58
+ { name: 'High', abbreviation: 'H' }]))
59
+ @properties.push(@vulnerable_system_integrity =
60
+ CvssProperty.new(name: 'Vulnerable System Integrity Impact', abbreviation: 'VI',
61
+ values: [{ name: 'None', abbreviation: 'N' },
62
+ { name: 'Low', abbreviation: 'L' },
63
+ { name: 'High', abbreviation: 'H' }]))
64
+ @properties.push(@vulnerable_system_availability =
65
+ CvssProperty.new(name: 'Vulnerable System Availability Impact', abbreviation: 'VA',
66
+ values: [{ name: 'None', abbreviation: 'N' },
67
+ { name: 'Low', abbreviation: 'L' },
68
+ { name: 'High', abbreviation: 'H' }]))
69
+ @properties.push(@subsequent_system_confidentiality =
70
+ CvssProperty.new(name: 'Subsequent System Confidentiality Impact', abbreviation: 'SC',
71
+ values: [{ name: 'None', abbreviation: 'N' },
72
+ { name: 'Low', abbreviation: 'L' },
73
+ { name: 'High', abbreviation: 'H' }]))
74
+ @properties.push(@subsequent_system_integrity =
75
+ CvssProperty.new(name: 'Subsequent System Integrity Impact', abbreviation: 'SI',
76
+ values: [{ name: 'None', abbreviation: 'N' },
77
+ { name: 'Low', abbreviation: 'L' },
78
+ { name: 'High', abbreviation: 'H' }]))
79
+ @properties.push(@subsequent_system_availability =
80
+ CvssProperty.new(name: 'Subsequent System Availability Impact', abbreviation: 'SA',
81
+ values: [{ name: 'None', abbreviation: 'N' },
82
+ { name: 'Low', abbreviation: 'L' },
83
+ { name: 'High', abbreviation: 'H' }]))
84
+ end
85
+ end
86
+ end